Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6373

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00984EPSS
Exploits1References5
Veracode
Veracode
added 2022/07/26 10:11 a.m.25 views

Prototype Pollution

conf-cfg-ini is vulnerable to prototype pollution. A malicious INI file can be parsed and decoded as it does not protect the properties such as "proto" to pollute the global object prototype...

9.8CVSS8.9AI score0.00984EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/07/26 12:1 a.m.19 views

GHSA-M6MG-JVJF-W44X conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2

This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8CVSS9.4AI score0.00984EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/07/26 12:1 a.m.22 views

conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2

This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8CVSS8.8AI score0.00984EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2022/07/25 2:6 p.m.46 views

CVE-2020-28441

The CVE-2020-28441 issue affects the package conf-cfg-ini prior to 1.2.2. A malicious INI file parsed by decode can cause prototype pollution, allowing an attacker to pollute the application’s prototype and potentially enable further exploitation depending on context. Affected components: conf-cf...

9.8CVSS8.3AI score0.00984EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/07/25 12:0 a.m.6 views

conf-cfg-ini 安全漏洞

conf-cfg-ini is a package from the individual developer Rolf Loges in Germany. It uses Node.js to encode and decode conf/cfg/ini-Files. A security vulnerability exists in conf-cfg-ini versions prior to 1.2.2, which stems from the fact that this package is susceptible to prototype contamination; i...

9.8CVSS8.2AI score0.00984EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/25 12:0 a.m.6 views

PT-2022-8895 · Unknown · Conf-Cfg-Ini

Name of the Vulnerable Software and Affected Versions: conf-cfg-ini versions prior to 1.2.2 Description: The issue arises when an attacker submits a malicious INI file to an application that parses it with decode, resulting in prototype pollution on the application. This can be exploited further...

9.8CVSS9.3AI score0.00984EPSS
Exploits1References9
Snyk
Snyk
added 2020/12/08 1:2 p.m.4 views

Prototype Pollution

Overview conf-cfg-ini is an encode and decode ini,conf,cfg files Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be...

9.8CVSS9AI score0.00984EPSS
Exploits1References2
Rows per page
Query Builder